In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.
Test your applicationsLearn about Arbitrary Code Execution vulnerabilities in an interactive lesson.
Start learningUpgrade github.com/cli/cli/pkg/cmd/release/create
to version 1.2.1 or higher.
Affected versions of this package are vulnerable to Arbitrary Code Execution. GitHub CLI depends on a git.exe
executable being found in the system %PATH%
on Windows. When a malicious .\git.exe
or .\git.bat
is found in the current working directory at the time of running gh
, the malicious command will be invoked instead of the system one.
Note:
Windows users who run gh
inside untrusted directories are affected.